gtm-design-play

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by ingesting and processing data from external, potentially attacker-controlled sources.
  • Ingestion points: The skill reads prospect data from outreach-log/*.jsonl and utilizes output from external scraping scripts such as scripts/techcrunch-funding-rss.py and scripts/hn-show-scraper.py (which fetches data from HN Algolia API).
  • Boundary markers: The instructions lack specific boundary markers or "ignore embedded instructions" warnings for the agent when processing the content of these logs or scraped data.
  • Capability inventory: The skill's primary capability is writing distilled patterns and generated copy to new files in the plays/ directory.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is interpolated into the play templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 05:53 PM
Security Audit — agent-trust-hub — gtm-design-play